CVE-2025-25200 is a vulnerability in Koa, a popular middleware for Node.js, caused by an inefficient regular expression used to parse the `X-Forwarded-Proto` and `X-Forwarded-Host` headers. The flaw can be exploited to conduct Denial-of-Service attacks. It is resolved in Koa versions 0.21.2, 1.7.1, 2.15.4, and 3.0.0-alpha.3, and users should update their applications accordingly. The vulnerability has been assigned a CWE-ID related to inefficient regex complexity, highlighting its potential impact on service availability.
Koa, an expressive middleware for Node.js, contains a vulnerability in its regex parsing of HTTP headers that can lead to Denial-of-Service attacks.
The Koa vulnerability, identified as CVE-2025-25200, affects multiple versions prior to the specified fixes, posing risks to application stability.
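A version check built from the fixed releases listed above, as an added example (not code from Koa or from the advisory). It assumes each fixed release covers its own major line, and the function names are illustrative.

```javascript
// Fixed releases as listed in the advisory text above.
// Assumption: each fixed release covers its own major line (0.x, 1.x, 2.x, 3.x).
const FIXED_BY_MAJOR = { 0: '0.21.2', 1: '1.7.1', 2: '2.15.4', 3: '3.0.0-alpha.3' };

// Split "3.0.0-alpha.3" into a numeric core [3, 0, 0] and prerelease ids ['alpha', 3].
function parseVersion(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(String(version).trim());
  if (!m) throw new Error(`not a semver version: ${version}`);
  const pre = m[4] ? m[4].split('.').map((id) => (/^\d+$/.test(id) ? Number(id) : id)) : [];
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre };
}

// Semver precedence: numeric core first; a prerelease sorts before its final release.
function compareVersions(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x.core[i] !== y.core[i]) return x.core[i] < y.core[i] ? -1 : 1;
  }
  if (x.pre.length === 0 || y.pre.length === 0) {
    return x.pre.length === y.pre.length ? 0 : (x.pre.length === 0 ? 1 : -1);
  }
  for (let i = 0; i < Math.max(x.pre.length, y.pre.length); i++) {
    const p = x.pre[i];
    const q = y.pre[i];
    if (p === q) continue;
    if (p === undefined) return -1; // fewer prerelease ids sorts first
    if (q === undefined) return 1;
    const pNum = typeof p === 'number';
    if (pNum !== (typeof q === 'number')) return pNum ? -1 : 1; // numeric ids sort first
    return p < q ? -1 : 1;
  }
  return 0;
}

// True when the installed Koa version is older than the fix for its major line.
function isAffectedKoa(version) {
  const fixed = FIXED_BY_MAJOR[parseVersion(version).core[0]];
  if (fixed === undefined) return false; // major line not named in the advisory text
  return compareVersions(version, fixed) < 0;
}
```

Feed it the `version` field from the installed `koa/package.json` or the resolved version in the lockfile, since a range in `package.json` does not say which release is actually deployed.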